Hacker News new | comments | show | ask | jobs | submit login
Web Budget API Draft (wicg.github.io)
61 points by edward 175 days ago | hide | past | web | favorite | 16 comments

Can anyone summarize how this works and the use case for this API?

Edit: Here's a good summary: https://developers.google.com/web/updates/2017/06/budget-api

Basically, this lets you run low-cost background tasks without a confirmation from the user. I really, really don't like this, and I hope that, at the very least, this is easy to disable in all the popular browsers.

Edit 2: The above is not correct; browsers already allow a limited amount of background work to happen, and this API just exposes the budget information to the developer. Thanks for the clarification, swsieber.

No - it doesn't. Quote:

"This specification does not define how user agents establish or store the amount of current budget. It aims to define an API that exposes sufficient information to make the budget useful for authors, while not restricting the implementation details and heuristics specific to a user agent."

So basically, the Push API and Web Background Synchronization actually do that. This just lets pages programmatically find out what the limits are like.

To make an analogy to localStorage - this api is like being able to query local storage for how much space is available, and how often it gets deleted.

So what you're saying is that browsers already allow limited things like push notifications to happen silently without user consent, and this API just exposes the budget/cost for those actions? I'm not up-to-date on the background APIs that browsers expose, but this quote from the Google doc seems to be at odds with what you're saying, if I understand it correctly:

"The Push Messaging API enables us to send notifications to a user even when the browser is closed. [...] but the API has one important restriction: you must always display a notification for every single push message recieved."

And later:

"The Budget API, is a new API designed to allow developers to perform limited background work without notifying the user, such as silent push or performing a background fetch."

Edit: Reading through the spec more closely, it appears you are correct in that this is already happening on the browser side, and that this API just exposes the budgeting details to the developer. The Google Developer page's wording is just somewhat misleading. Thanks for the clarification.

Push notifications – by spec and by all implementations I'm aware of – must not be sent without explicit user consent: https://w3c.github.io/push-api/#security-and-privacy-conside...

Sorry, when I said "without user consent" I really meant "with the tab closed". :) Brain fart.

> Can anyone summarize how this works and the use case for this API?

Both the parent link and the link you specified clearly outline their use cases. Basically, because of a shift to work that can be done invisibly or without a user's consent in a browser, it's important to allow the user to make an informed consent to processor intensive tasks. This API is a step in that direction.

An additional summary (with sample code!) lies in the explainer document:


For anyone not familiar with WICG (as I wasn't), WICG stands for Web Platform Incubator Community Group. Its goal is to discuss new (web) platform features[0]. In participants I'm seeing a lot of Google, Mozilla, and Microsoft names, as well as other tech players like Intel, Apple, and others[1].

[0]https://www.w3.org/blog/2015/07/wicg/ [1]https://www.w3.org/community/wicg/participants

farrrr out the web is getting more and more complicated!!

it used to be HTML and CSS. With all these developments it's turning into a javascript based operating system working out of browsers.


It used to be plain text, now you can make real applications on it and for the most part they run sandboxed and with little privilege.

I think this is a win for both users (who can get full apps without giving dubious software full access to their system) and developers (who can distribute apps that are generally much faster to download)

Plus you can still deploy your 20-year-old HTML and CSS pages. How cool is that? (Yep, CSS is literally 20.5 years old)

This should probably be a schema instance and should probably go through the Oasis standards body. Once the API is defined you can execute upon it however you wish.

Could you clarify why you think this? I don't see any connection between this API and the types of standards OASIS works on.

Oasis typically standardizes schemas and business logic. I see an API spec as an implementation of rules, which is really what a schema is. Typically schemas are defined in XML and this API is defined with JavaScript code examples for use in JavaScript, but again that is an implementation detail that shouldn't have significant weight on the rules of the API's design.

This keeps indicating to me the possibility that chrome is opening and executing javascript from websites without a tab for them open.

Can anyone explain how I can tell how many magic background apps I might have running on Chrome for Android without my consent?

They're called Service Workers and you would have had to have given them consent to run. So to answer your question: zero. There are zero apps running without your consent.

Do any of you know the tool used to generate this documentation?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact